Init Yor

Tomer David Ben Zohar · Tomer David Ben Zohar · commit 04e64abc89e1 · 2025-10-20T14:12:11.000+03:00
diff --git a/terraform/compute.tf b/terraform/compute.tf
@@ -84,5 +84,6 @@ resource "aws_instance" "eks_node" {
   tags = {
     Name                                        = "${var.cluster_name}-worker-node"
     "kubernetes.io/cluster/${var.cluster_name}" = "owned"
+    yor_trace                                   = "90431c16-0edf-4f72-86a8-65b4cbd93720"
   }
 }
diff --git a/terraform/ecr.tf b/terraform/ecr.tf
@@ -18,6 +18,7 @@ resource "aws_ecr_repository" "flask_webserver_repo" {
 
   tags = {
     "project" = var.cluster_name
+    yor_trace = "0d0a05ef-5c32-48b7-9ffe-e0665bd7f454"
   }
 }
 
@@ -38,5 +39,6 @@ resource "aws_ecr_repository" "malware_repo" {
 
   tags = {
     "project" = var.cluster_name
+    yor_trace = "5a46f4a9-1a39-4255-b741-eab4a522e432"
   }
 }
diff --git a/terraform/eks.tf b/terraform/eks.tf
@@ -26,8 +26,9 @@ resource "aws_eks_cluster" "my_cluster" {
   enabled_cluster_log_types = []
 
   tags = {
-    Name                          = var.cluster_name
+    Name                            = var.cluster_name
     "aws:cloudformation:logical-id" = "EKSCluster"
     "aws:cloudformation:stack-name" = "eks-cluster"
+    yor_trace                       = "4bb1d221-fd9b-452f-a22f-2edc482dc4c7"
   }
 }
diff --git a/terraform/iam.tf b/terraform/iam.tf
@@ -16,6 +16,9 @@ resource "aws_iam_role" "eks_cluster" {
       Principal = { Service = "eks.amazonaws.com" }
     }]
   })
+  tags = {
+    yor_trace = "71e80f57-5b49-4c4c-99ff-29e13e40c009"
+  }
 }
 
 # Attaches the required AWS-managed policy for EKS clusters to the role.
@@ -37,12 +40,18 @@ resource "aws_iam_role" "eks_node" {
       Principal = { Service = "ec2.amazonaws.com" }
     }]
   })
+  tags = {
+    yor_trace = "455d1ccd-870f-427b-bc92-bfc76ad01627"
+  }
 }
 
 # Creates an instance profile, which is a container for the IAM role that EC2 can use.
 resource "aws_iam_instance_profile" "eks_node" {
   name_prefix = "eks-node-profile-"
   role        = aws_iam_role.eks_node.name
+  tags = {
+    yor_trace = "b72d1645-b33f-40ff-ab24-7705f483cee3"
+  }
 }
 
 # Attaches the standard EKS worker node policy.
@@ -84,6 +93,9 @@ data "aws_iam_policy_document" "lambda_assume_role" {
 resource "aws_iam_role" "cortex_custom_lambda" {
   name_prefix        = "cortex-custom-lambda-role-"
   assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+  tags = {
+    yor_trace = "35f259fd-6ec8-4bd0-83e6-8349d898cc8a"
+  }
 }
 
 # Attaches the basic execution policy, allowing the function to write to CloudWatch Logs.
@@ -96,6 +108,9 @@ resource "aws_iam_role_policy_attachment" "cortex_custom_lambda_policy" {
 resource "aws_iam_role" "empty_bucket_lambda" {
   name_prefix        = "empty-bucket-lambda-role-"
   assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+  tags = {
+    yor_trace = "ed83470c-52de-4607-825c-b7e2deaa7774"
+  }
 }
 
 # Attaches the basic execution policy.
@@ -108,4 +123,7 @@ resource "aws_iam_role_policy_attachment" "empty_bucket_lambda_policy" {
 resource "aws_iam_role" "cortex_custom_lambda_2" {
   name_prefix        = "cortex-custom-lambda-2-role-"
   assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+  tags = {
+    yor_trace = "d31e30bd-f341-4784-8ff0-4fab123f92f3"
+  }
 }
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
@@ -23,6 +23,9 @@ resource "aws_lambda_function" "cortex_custom_lambda" {
   memory_size   = local.common_lambda_settings.memory_size
   architectures = local.common_lambda_settings.architectures
   timeout       = 75
+  tags = {
+    yor_trace = "4edbaf52-b78d-4ad3-8a67-c435c4583d6f"
+  }
 }
 
 # Defines the Lambda function responsible for emptying S3 buckets.
@@ -38,6 +41,9 @@ resource "aws_lambda_function" "empty_bucket_lambda" {
   memory_size   = local.common_lambda_settings.memory_size
   architectures = local.common_lambda_settings.architectures
   timeout       = 600
+  tags = {
+    yor_trace = "d5aa41a6-602f-49eb-bdc1-a4b199c99dd3"
+  }
 }
 
 # Defines the second Cortex custom Lambda function.
@@ -53,4 +59,7 @@ resource "aws_lambda_function" "cortex_custom_lambda_2" {
   memory_size   = local.common_lambda_settings.memory_size
   architectures = local.common_lambda_settings.architectures
   timeout       = 75
+  tags = {
+    yor_trace = "8bb83fd0-d44c-41f8-989d-d53e06a2599f"
+  }
 }
diff --git a/terraform/massaging.tf b/terraform/massaging.tf
@@ -6,6 +6,7 @@ resource "aws_sns_topic" "cloudtrail_notifications" {
 
   tags = {
     "managed_by" = "paloaltonetworks"
+    yor_trace    = "5ace4cb8-7329-46fe-8d46-a0df687e02b2"
   }
 }
 
@@ -51,14 +52,15 @@ resource "aws_sns_topic_delivery_policy" "cloudtrail_notifications_delivery_poli
 resource "aws_sqs_queue" "cloudtrail_queue" {
   name = "cortex-cloudtrail-logs-queue-980573775279-m-a-9995931061259"
 
-  delay_seconds             = 0
-  max_message_size          = 1048576
-  message_retention_seconds = 345600
+  delay_seconds              = 0
+  max_message_size           = 1048576
+  message_retention_seconds  = 345600
   visibility_timeout_seconds = 30
-  sqs_managed_sse_enabled   = true
+  sqs_managed_sse_enabled    = true
 
   tags = {
     "managed_by" = "paloaltonetworks"
+    yor_trace    = "da138900-c796-44a4-8007-6397c2d8bd06"
   }
 }
 
diff --git a/terraform/network.tf b/terraform/network.tf
@@ -12,7 +12,8 @@ resource "aws_vpc" "k8s_vpc" {
   instance_tenancy     = "default"
 
   tags = {
-    Name = "${var.cluster_name}-VPC"
+    Name      = "${var.cluster_name}-VPC"
+    yor_trace = "a6984cd3-0504-40d2-9145-462394d34948"
   }
 }
 
@@ -30,6 +31,7 @@ resource "aws_subnet" "public_1" {
   tags = {
     Name                     = "${var.cluster_name}-public-subnet-1"
     "kubernetes.io/role/elb" = "1"
+    yor_trace                = "2265ca48-5ec5-4eca-927e-ef714787825f"
   }
 }
 
@@ -43,6 +45,7 @@ resource "aws_subnet" "public_2" {
   tags = {
     Name                     = "${var.cluster_name}-public-subnet-2"
     "kubernetes.io/role/elb" = "1"
+    yor_trace                = "42bde467-c9e9-49bc-8182-177fbc170ab1"
   }
 }
 
@@ -55,6 +58,7 @@ resource "aws_subnet" "private_1" {
   tags = {
     Name                              = "${var.cluster_name}-private-subnet-1"
     "kubernetes.io/role/internal-elb" = "1"
+    yor_trace                         = "0f702fcd-da42-4f9b-b0f6-ca243fc73e0e"
   }
 }
 
@@ -67,6 +71,7 @@ resource "aws_subnet" "private_2" {
   tags = {
     Name                              = "${var.cluster_name}-private-subnet-2"
     "kubernetes.io/role/internal-elb" = "1"
+    yor_trace                         = "206bb654-53df-457e-85ac-c9e0d26ae61e"
   }
 }
 
@@ -79,36 +84,45 @@ resource "aws_subnet" "private_2" {
 resource "aws_internet_gateway" "k8s_igw" {
   vpc_id = aws_vpc.k8s_vpc.id
   tags = {
-    Name = "${var.cluster_name}-IGW"
+    Name      = "${var.cluster_name}-IGW"
+    yor_trace = "80841cf5-ccc3-4081-937b-cc28e7fba0a1"
   }
 }
 
 # Allocates a static public IP address for the first NAT Gateway.
 resource "aws_eip" "nat_eip_1" {
   domain = "vpc"
-  tags   = { Name = "${var.cluster_name}-NAT1-EIP" }
+  tags = { Name = "${var.cluster_name}-NAT1-EIP"
+    yor_trace = "a78a1285-ff97-4689-9085-83b325e98bec"
+  }
 }
 
 # Allocates a static public IP address for the second NAT Gateway.
 resource "aws_eip" "nat_eip_2" {
   domain = "vpc"
-  tags   = { Name = "${var.cluster_name}-NAT2-EIP" }
+  tags = { Name = "${var.cluster_name}-NAT2-EIP"
+    yor_trace = "d9c3ef4d-4670-49da-adbf-7464bd3472b7"
+  }
 }
 
 # Creates a NAT Gateway in the first public subnet for outbound internet access from private subnets.
 resource "aws_nat_gateway" "nat_gateway_1" {
   allocation_id = aws_eip.nat_eip_1.id
   subnet_id     = aws_subnet.public_1.id
-  tags          = { Name = "${var.cluster_name}-NAT1" }
-  depends_on    = [aws_internet_gateway.k8s_igw]
+  tags = { Name = "${var.cluster_name}-NAT1"
+    yor_trace = "04c561be-71d5-4e7d-9a81-3aacf3226ee7"
+  }
+  depends_on = [aws_internet_gateway.k8s_igw]
 }
 
 # Creates a second NAT Gateway in the second public subnet for high availability.
 resource "aws_nat_gateway" "nat_gateway_2" {
   allocation_id = aws_eip.nat_eip_2.id
   subnet_id     = aws_subnet.public_2.id
-  tags          = { Name = "${var.cluster_name}-NAT2" }
-  depends_on    = [aws_internet_gateway.k8s_igw]
+  tags = { Name = "${var.cluster_name}-NAT2"
+    yor_trace = "15907bb5-1ddb-4143-bf0a-01c1e84a05d7"
+  }
+  depends_on = [aws_internet_gateway.k8s_igw]
 }
 
 
@@ -119,7 +133,9 @@ resource "aws_nat_gateway" "nat_gateway_2" {
 # Defines a route table for the public subnets.
 resource "aws_route_table" "public" {
   vpc_id = aws_vpc.k8s_vpc.id
-  tags   = { Name = "${var.cluster_name}-Public-RT" }
+  tags = { Name = "${var.cluster_name}-Public-RT"
+    yor_trace = "01296ba5-e2d3-4c8d-a0a7-4e57eae19f27"
+  }
 }
 
 # Adds a route to the public route table that directs internet-bound traffic to the Internet Gateway.
@@ -145,7 +161,9 @@ resource "aws_route_table_association" "public_2" {
 # Defines a dedicated route table for the first private subnet.
 resource "aws_route_table" "private_1" {
   vpc_id = aws_vpc.k8s_vpc.id
-  tags   = { Name = "${var.cluster_name}-Private-RT-1" }
+  tags = { Name = "${var.cluster_name}-Private-RT-1"
+    yor_trace = "66bbd369-07a2-40aa-a8d4-0d70260eb063"
+  }
 }
 
 # Adds a route that directs internet-bound traffic from the private subnet to the first NAT Gateway.
@@ -165,7 +183,9 @@ resource "aws_route_table_association" "private_1" {
 # Defines a dedicated route table for the second private subnet.
 resource "aws_route_table" "private_2" {
   vpc_id = aws_vpc.k8s_vpc.id
-  tags   = { Name = "${var.cluster_name}-Private-RT-2" }
+  tags = { Name = "${var.cluster_name}-Private-RT-2"
+    yor_trace = "74914750-8b52-4d1c-b3ac-4814c62d118e"
+  }
 }
 
 # Adds a route that directs internet-bound traffic from the private subnet to the second NAT Gateway.
diff --git a/terraform/s3.tf b/terraform/s3.tf
@@ -7,7 +7,9 @@
 # Defines the primary S3 bucket resource for storing CloudTrail logs.
 resource "aws_s3_bucket" "cloudtrail_logs" {
   bucket = var.cloudtrail_logs_bucket_name
-  tags   = { "managed_by" = "paloaltonetworks" }
+  tags = { "managed_by" = "paloaltonetworks"
+    yor_trace = "6df7191d-c4d1-4e05-9690-4784798fd344"
+  }
 }
 
 # Enforces settings to block all public access to the CloudTrail logs bucket.
@@ -84,6 +86,9 @@ resource "aws_s3_bucket_policy" "cloudtrail_logs_policy" {
 # Defines the S3 bucket used for storing CloudFormation templates.
 resource "aws_s3_bucket" "cf_templates" {
   bucket = var.cf_templates_bucket_name
+  tags = {
+    yor_trace = "153adb36-af2f-44fe-ab87-21c23ec927da"
+  }
 }
 
 # Blocks all public access to the CloudFormation templates bucket.
@@ -121,6 +126,9 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "cf_templates_sse"
 # Defines the S3 bucket for Cortex testing purposes.
 resource "aws_s3_bucket" "c2c_test_cortex" {
   bucket = "c2c-test-cortex"
+  tags = {
+    yor_trace = "a04ae2fb-0741-479b-95d3-cf49fcd906f8"
+  }
 }
 
 # Blocks all public access to the Cortex test bucket.
diff --git a/terraform/security.tf b/terraform/security.tf
@@ -11,6 +11,9 @@ data "aws_caller_identity" "current" {}
 resource "aws_accessanalyzer_analyzer" "external_access" {
   analyzer_name = "ExternalIAMAccessAnalyzer"
   type          = "ACCOUNT"
+  tags = {
+    yor_trace = "a4174ede-6f57-4284-b9fd-4c8e86d7f1e5"
+  }
 }
 
 # Configures account-wide settings to block all public access from security groups.
@@ -58,6 +61,7 @@ resource "aws_kms_key" "cloudtrail_key" {
 
   tags = {
     managed_by = "paloaltonetworks"
+    yor_trace  = "74945f95-7de1-41c9-8257-e2c1a71d5bdc"
   }
 }
 
@@ -73,7 +77,8 @@ resource "aws_security_group" "eks_control_plane_sg" {
   vpc_id      = aws_vpc.k8s_vpc.id
 
   tags = {
-    Name = "${var.cluster_name}-control-plane-sg"
+    Name      = "${var.cluster_name}-control-plane-sg"
+    yor_trace = "ce91c912-4314-45b5-bffb-20f547e16398"
   }
 }
 
@@ -112,7 +117,8 @@ resource "aws_security_group" "eks_node_sg" {
   }
 
   tags = {
-    Name = "${var.cluster_name}-EKSNodeSG"
+    Name      = "${var.cluster_name}-EKSNodeSG"
+    yor_trace = "13e249d9-3c5f-41fa-bbb5-351e948e3cfe"
   }
 }
 
@@ -138,6 +144,7 @@ resource "aws_security_group" "eks_shared_sg" {
   tags = {
     Name                                        = "eks-cluster-sg-${var.cluster_name}"
     "kubernetes.io/cluster/${var.cluster_name}" = "owned"
+    yor_trace                                   = "7baba9ed-9a90-4989-bb38-bad48762e434"
   }
 }
 
@@ -151,6 +158,7 @@ resource "aws_default_security_group" "k8s_vpc_default" {
   vpc_id = aws_vpc.k8s_vpc.id
 
   tags = {
-    Name = "${var.cluster_name}-default-sg"
+    Name      = "${var.cluster_name}-default-sg"
+    yor_trace = "6ace4199-43d0-48b6-bfff-8b54063cce58"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,5 +84,6 @@ resource "aws_instance" "eks_node" {`
`84`	`84`	`tags = {`
`85`	`85`	`Name = "${var.cluster_name}-worker-node"`
`86`	`86`	`"kubernetes.io/cluster/${var.cluster_name}" = "owned"`
	`87`	`+ yor_trace = "90431c16-0edf-4f72-86a8-65b4cbd93720"`
`87`	`88`	`}`
`88`	`89`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ resource "aws_ecr_repository" "flask_webserver_repo" {`
`18`	`18`
`19`	`19`	`tags = {`
`20`	`20`	`"project" = var.cluster_name`
	`21`	`+ yor_trace = "0d0a05ef-5c32-48b7-9ffe-e0665bd7f454"`
`21`	`22`	`}`
`22`	`23`	`}`
`23`	`24`
`@@ -38,5 +39,6 @@ resource "aws_ecr_repository" "malware_repo" {`
`38`	`39`
`39`	`40`	`tags = {`
`40`	`41`	`"project" = var.cluster_name`
	`42`	`+ yor_trace = "5a46f4a9-1a39-4255-b741-eab4a522e432"`
`41`	`43`	`}`
`42`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,9 @@ resource "aws_eks_cluster" "my_cluster" {`
`26`	`26`	`enabled_cluster_log_types = []`
`27`	`27`
`28`	`28`	`tags = {`
`29`		`- Name = var.cluster_name`
	`29`	`+ Name = var.cluster_name`
`30`	`30`	`"aws:cloudformation:logical-id" = "EKSCluster"`
`31`	`31`	`"aws:cloudformation:stack-name" = "eks-cluster"`
	`32`	`+ yor_trace = "4bb1d221-fd9b-452f-a22f-2edc482dc4c7"`
`32`	`33`	`}`
`33`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ resource "aws_sns_topic" "cloudtrail_notifications" {`
`6`	`6`
`7`	`7`	`tags = {`
`8`	`8`	`"managed_by" = "paloaltonetworks"`
	`9`	`+ yor_trace = "5ace4cb8-7329-46fe-8d46-a0df687e02b2"`
`9`	`10`	`}`
`10`	`11`	`}`
`11`	`12`
`@@ -51,14 +52,15 @@ resource "aws_sns_topic_delivery_policy" "cloudtrail_notifications_delivery_poli`
`51`	`52`	`resource "aws_sqs_queue" "cloudtrail_queue" {`
`52`	`53`	`name = "cortex-cloudtrail-logs-queue-980573775279-m-a-9995931061259"`
`53`	`54`
`54`		`- delay_seconds = 0`
`55`		`- max_message_size = 1048576`
`56`		`- message_retention_seconds = 345600`
	`55`	`+ delay_seconds = 0`
	`56`	`+ max_message_size = 1048576`
	`57`	`+ message_retention_seconds = 345600`
`57`	`58`	`visibility_timeout_seconds = 30`
`58`		`- sqs_managed_sse_enabled = true`
	`59`	`+ sqs_managed_sse_enabled = true`
`59`	`60`
`60`	`61`	`tags = {`
`61`	`62`	`"managed_by" = "paloaltonetworks"`
	`63`	`+ yor_trace = "da138900-c796-44a4-8007-6397c2d8bd06"`
`62`	`64`	`}`
`63`	`65`	`}`
`64`	`66`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,9 @@ data "aws_caller_identity" "current" {}`
`11`	`11`	`resource "aws_accessanalyzer_analyzer" "external_access" {`
`12`	`12`	`analyzer_name = "ExternalIAMAccessAnalyzer"`
`13`	`13`	`type = "ACCOUNT"`
	`14`	`+ tags = {`
	`15`	`+ yor_trace = "a4174ede-6f57-4284-b9fd-4c8e86d7f1e5"`
	`16`	`+ }`
`14`	`17`	`}`
`15`	`18`
`16`	`19`	`# Configures account-wide settings to block all public access from security groups.`
`@@ -58,6 +61,7 @@ resource "aws_kms_key" "cloudtrail_key" {`
`58`	`61`
`59`	`62`	`tags = {`
`60`	`63`	`managed_by = "paloaltonetworks"`
	`64`	`+ yor_trace = "74945f95-7de1-41c9-8257-e2c1a71d5bdc"`
`61`	`65`	`}`
`62`	`66`	`}`
`63`	`67`
`@@ -73,7 +77,8 @@ resource "aws_security_group" "eks_control_plane_sg" {`
`73`	`77`	`vpc_id = aws_vpc.k8s_vpc.id`
`74`	`78`
`75`	`79`	`tags = {`
`76`		`- Name = "${var.cluster_name}-control-plane-sg"`
	`80`	`+ Name = "${var.cluster_name}-control-plane-sg"`
	`81`	`+ yor_trace = "ce91c912-4314-45b5-bffb-20f547e16398"`
`77`	`82`	`}`
`78`	`83`	`}`
`79`	`84`
`@@ -112,7 +117,8 @@ resource "aws_security_group" "eks_node_sg" {`
`112`	`117`	`}`
`113`	`118`
`114`	`119`	`tags = {`
`115`		`- Name = "${var.cluster_name}-EKSNodeSG"`
	`120`	`+ Name = "${var.cluster_name}-EKSNodeSG"`
	`121`	`+ yor_trace = "13e249d9-3c5f-41fa-bbb5-351e948e3cfe"`
`116`	`122`	`}`
`117`	`123`	`}`
`118`	`124`
`@@ -138,6 +144,7 @@ resource "aws_security_group" "eks_shared_sg" {`
`138`	`144`	`tags = {`
`139`	`145`	`Name = "eks-cluster-sg-${var.cluster_name}"`
`140`	`146`	`"kubernetes.io/cluster/${var.cluster_name}" = "owned"`
	`147`	`+ yor_trace = "7baba9ed-9a90-4989-bb38-bad48762e434"`
`141`	`148`	`}`
`142`	`149`	`}`
`143`	`150`
`@@ -151,6 +158,7 @@ resource "aws_default_security_group" "k8s_vpc_default" {`
`151`	`158`	`vpc_id = aws_vpc.k8s_vpc.id`
`152`	`159`
`153`	`160`	`tags = {`
`154`		`- Name = "${var.cluster_name}-default-sg"`
	`161`	`+ Name = "${var.cluster_name}-default-sg"`
	`162`	`+ yor_trace = "6ace4199-43d0-48b6-bfff-8b54063cce58"`
`155`	`163`	`}`
`156`	`164`	`}`